Secure IT @ Kansas State Computer Safety and You Neil Sindicich Cyber‐Security Analyst

NeilSin@K‐State.edu
How to stay completely safe
“Yes, you’ve done an excellent job of keeping our computer safe. But sooner or later you’ll have to plug it in.”
Who is responsible for IT Security at Kansas State?
• You!
• Who else?
– Departmental Security Contacts
SecureIT.k‐state.edu/SIRT/members/FullContacts.html
– Security Incident Response Team (SIRT)
SecureIT.k‐state.edu/SIRT/members
– Central IT Security
SecureIT.K‐State.edu/itsec‐team
What are the concerns?
• Identity Management
• Email Dangers
• Laptop Security
• Antivirus
• IT Policy
• Peer‐2‐Peer File Sharing
• VPN (Virtual Private Networking)
• Where to get IT Security Information
• Best Practices
Identity Management
If someone steals your identity, does
that mean you’re wearing someone
else’s underwear?
SSNs, eIDs, and WIDs
• SSNs
– No longer used as ID management on campus
– Except in HR (taxes)
– Replacing SSN information with WIDs
• WIDs
– Nine‐digit number to replace SSNs on campus
– All WIDs start with an “8” because SSNs can’t
– Found on your K‐State ID
• eIDs
– This is the first part of your email address.
– Used as a login ID
eIDs
Used to log into many University systems like:
• E‐mail
• HRIS Employee Self Service
• K‐State Online
• AV download
• Databases and e‐Journals
• VPN service
• Samba file‐sharing service
• iSIS
• University computing labs
• Central web server
• Personal webpage
• Calendar/Scheduler system
• Campus dial‐in services
Passwords
• When creating your eID you will be asked to create a password.
• Safeguard your password
– Don’t send it to ANYONE in an email
– Don’t give it out
– Don’t send it to ANYONE in an email
– Don’t write it down
– Don’t send it to ANYONE in an email
– Don’t tell it to anyone
– Don’t send it to ANYONE in an email
Strong Passwords
A strong password is one that has at least eight characters, including letters, numbers, and other non‐alphanumeric characters.
A strong password can’t be guessed and is very time‐consuming to crack.
Strong Password: Example
Example:
A&Bh3cnJ,P,&E.
Ann and Bob have three children named Jason,
Paul, and Elizabeth.
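The rule and the mnemonic example above can be checked mechanically. The following Python is an added example written for this page (it is not from the original slides or from K‐State IT); the guess rate of 10^9 per second and the short common‐password list are constructed figures chosen for illustration. It checks the slide’s policy, flags passwords that are guessable even though they satisfy it, and estimates the brute‐force keyspace, which is what “time‐consuming to crack” means in practice.

```python
import string

# Character classes the slide's rule names (letters, numbers, other
# non-alphanumeric characters). Sizes are printable-ASCII counts and
# feed the keyspace estimate below.
CLASSES = {
    "lower": frozenset(string.ascii_lowercase),   # 26
    "upper": frozenset(string.ascii_uppercase),   # 26
    "digit": frozenset(string.digits),            # 10
    "symbol": frozenset(string.punctuation),      # 32
}
MIN_LENGTH = 8

# Constructed stand-in for the wordlists that cracking tools try first.
COMMON_PASSWORDS = frozenset({"password", "123456", "qwerty", "letmein", "welcome1!"})

SECONDS_PER_YEAR = 365 * 24 * 3600


def classes_used(password):
    """Names of the character classes that appear in the password."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in password)}


def meets_policy(password):
    """The slide's rule: 8+ characters with letters, numbers and
    non-alphanumeric characters all present."""
    used = classes_used(password)
    return (len(password) >= MIN_LENGTH
            and bool(used & {"lower", "upper"})
            and "digit" in used
            and "symbol" in used)


def is_guessable(password):
    """'Can't be guessed': a case-insensitive hit on the common-password list."""
    return password.lower() in COMMON_PASSWORDS


def keyspace(password):
    """Candidates a brute-force cracker must try when it knows only the
    length and which classes were used (alphabet size ** length)."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return alphabet ** len(password)


def worst_case_years(password, guesses_per_second=10**9):
    """Years to exhaust the keyspace at a guess rate; 1e9/s is an
    illustrative figure chosen for this example, not a measured one."""
    return keyspace(password) / guesses_per_second / SECONDS_PER_YEAR


def assess(password):
    """Summarise the checks; 'strong' requires meeting the policy AND not being guessable."""
    return {
        "length": len(password),
        "classes": sorted(classes_used(password)),
        "meets_policy": meets_policy(password),
        "guessable": is_guessable(password),
        "keyspace": keyspace(password),
        "worst_case_years": worst_case_years(password),
        "strong": meets_policy(password) and not is_guessable(password),
    }


if __name__ == "__main__":
    # "Welcome1!" passes the character-class rule but is still guessable;
    # the slide's mnemonic password passes both checks.
    for pw in ("password", "Welcome1!", "A&Bh3cnJ,P,&E."):
        print(pw, assess(pw))
```

The keyspace estimate is the honest worst case for a cracker that knows nothing but the length and classes; a dictionary or mnemonic‐aware attack can be much faster, which is why the guessability check is kept separate from the policy check.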
Password Hints
If you can’t remember all your passwords, write down a HINT:
A&Bh3cnJ,P,&E. – “family”
Password Change
• Twice per year
– Why? Increased security from cracking software
Also…
• If your account is compromised
• If you forget your password
eProfile
• http://eid.k‐state.edu
• Password change
• Manage emergency contact settings
• Set secondary email address
Screensaver Password
Quick additional precaution
– Not a save‐all
• Screensaver activates after time away
• “Lock Screen”
– “Windows” + “L”
– Macs are user defined
http://tinyurl.com/mac‐screen‐lock
Email Dangers
Phishing, scams, and Malware – Oh, my!
Scams
• Nigerian (419) Scams
• Beneficiary of a will
• “Over” Paying
• Donation Solicitations
• Soldier scam
Phishing
• Official looking Email
• Requests/demands personal information
• Threatens to close your account
• What can happen?
– Compromise your personal information
– Compromise University IT Security
– Send Spam to others
Examples
Helpalert1@sify.com
Why do they work?
• Social Engineering
– The weakness in the human machine
– Common emotional responses:
•Fear
•Curiosity
•Sympathy/Empathy
How to spot one?
• Be skeptical of everything in your email inbox
• Emails from official sources will never ask you
for a user name (eID) or password
• Check a reliable site that documents viruses,
hoaxes, scams, and/or fraud
– www.snopes.com ‐‐ Urban legends, rumors, hoaxes
– www.fraud.org ‐‐ Internet and telemarketing fraud
• Search for the subject line using a major search
engine
• Check the links
Checking links
Hovering over a link in an email shows the destination in the bottom of the window.
Report to "Abuse@k‐state.edu”
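Hover‐checking can be automated for a whole message. The Python below is an added example written for this page, not code from the original presentation or from K‐State; the trusted‐domain list (k-state.edu, written with an ASCII hyphen) and the sample message are assumptions constructed for the demonstration. It extracts each link’s visible text and real href, flags the lookalike‐domain and text/destination mismatches the slide warns about, and catches the user@host trick that hides the real destination.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the reader is entitled to trust. k-state.edu is used because the
# slides are about K-State mail; this list is an assumption made for the
# example, not an official one.
TRUSTED_DOMAINS = ("k-state.edu",)


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from an HTML email body, i.e. what
    the reader sees versus where the mouse-over destination really points."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "a" and self._href is not None:
            # Collapse whitespace so the visible text compares cleanly.
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None


def _with_scheme(url):
    url = url.strip()
    return url if "://" in url else "http://" + url


def host_of(url):
    """Lower-cased host the browser would actually connect to ('' if none)."""
    return (urlparse(_with_scheme(url)).hostname or "").lower()


def is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def classify_link(text, href):
    """Reasons a link is suspicious; an empty list means nothing was found."""
    reasons = []
    target = host_of(href)
    # If the visible text itself looks like a URL or host name, compare it
    # with the real destination: a mismatch is the classic phishing pattern.
    shown = host_of(text) if ("." in text and " " not in text) else ""
    if shown and shown != target:
        reasons.append(f"text shows {shown!r} but the link goes to {target!r}")
    if "@" in urlparse(_with_scheme(href)).netloc:
        reasons.append("user@ prefix in the URL hides the real host")
    if target and not is_trusted(target):
        reasons.append(f"destination {target!r} is not a trusted domain")
    return reasons


def audit_email(html):
    """Return [(text, href, reasons), ...] for every link in the message."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    return [(text, href, classify_link(text, href)) for text, href in collector.links]


# Constructed phishing-style message (not a real email) with one lookalike
# link and one genuine link.
SAMPLE_EMAIL = """
<p>Dear user, your mailbox is over quota. Click
<a href="http://k-state.edu.mail-verify.example/login">http://www.k-state.edu/</a>
within 24 hours or your account will be closed.</p>
<p>Questions? Visit <a href="https://www.k-state.edu/infotech/">the IT help page</a>.</p>
"""

if __name__ == "__main__":
    for text, href, reasons in audit_email(SAMPLE_EMAIL):
        print(("SUSPICIOUS" if reasons else "ok"), repr(text), "->", href)
        for reason in reasons:
            print("   -", reason)
```

Note that `k-state.edu.mail-verify.example` is rejected because the trust check requires the trusted name to be the *suffix* of the host, not merely a substring; that distinction is exactly what lookalike domains exploit.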
Malware
Any type of malicious software that is designed to cause damage, steal information, or act in an unexpected or undesirable manner
• Often sent as an email attachment
• Masquerades as something useful
• Behavior varies greatly
• Attempts to spread to other users
• Blocked by Anti‐virus
I Love You.
MSBlaster.B
The original MSBlaster infected
1,000,000 machines worldwide
Jeffrey Lee Parson, 18, released the first “variant,” which gave him access to 7,000 infected machines.
He included code that told the worm to send system information back to www.t33kid.com.
He was caught because T33kid.com was registered in his own name at his home address.
Antivirus
Stay safe. Stay clean. Get protection.
Campus AV Solutions
http://Antivirus.k‐state.edu
• Windows:
– Office Scan 8 (Soon upgrading to 10)
• Mac:
– Symantec
– Trend Micro Security for Mac (Coming soon)
• Linux:
– ClamAV
Who needs AV?
• Any university‐owned computer
• Student‐owned computers in K‐State res‐halls
• Computers connected to K‐State's Virtual
Private Network (VPN) or dial‐up modem
service
• Any computer that belongs to current K‐State
faculty, staff, or students who are connecting
to K‐State's wireless or wired networks.
Laptop Security
You wouldn’t leave your floofy dog in the car alone, either.
Laptops are risky business…
Theft Prevention
• Never leave it unattended
• Lock your door or lock it in a cabinet
• Use a locking security cable
– Room/office
– Hotel room
– Public locations
– Conferences, training sessions
– Cost $15‐$50, combination or key lock
• Use strong passwords on all accounts
Traveling
• Don’t let it out of your sight when you travel
• Be watchful at airport security checkpoints
• Always take it in your carry‐on luggage
• Use a nondescript carrying case
• Be careful if you take a nap in the airport
• Don’t leave it in view in your vehicle
Wireless Safety
• K‐State, home, hotels, public “hot spots”
• Rule of thumb – FEAR WIRELESS!
Where to get more information:
• K‐State information:
http://www.k‐state.edu/infotech/networks/wireless
• General wireless security:
http://www.onguardonline.gov/wireless.html
• Wireless terminology:
http://www.onguardonline.gov/wireless.html#glossary
Peer‐2‐Peer
You can “Party Like it’s 1999,” as long as you pay Prince before you download the music.
Dangers of it
• Violation of the Law and Policy
• Viruses and worms spread as useful files
• Slowing other users on the network
• Sharing files on your computer that you never intended
– Bank Records
– Personal Information
– Confidential University Data
– Location of the Presidential Safehouse…
The Law (and policy too)
• Using file sharing software to download
copyrighted materials is against the law
and a violation of K‐State policy.
• Examples of P2P software are:
– Lime Wire
– eMule
– BitTorrent
– Ares Galaxy
Alternatives
You can pay to download music, movies, or TV shows on a per‐item basis or through a monthly subscription fee.
Some legal media download alternatives include:
– Amazon’s MP3 and Video on Demand Stores
– Apple’s iTunes
– Yahoo’s Rhapsody
– Walmart’s MP3 Music Downloads
– 7digital.com
– NetFlix
Virtual Private Networking (VPN)
Insert clever quip about “Calling it in”
What does it do?
• Encrypts all network traffic between your computer and the K‐State border
• Makes your computer appear to be on campus to get access to restricted resources
• Does NOT necessarily encrypt everything that goes to the Internet (“split tunneling”)
• Can’t use it on campus yet (to secure your wireless, for example); will be able to soon.
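What split tunneling means for your traffic can be read directly off the route table. This Python is an added example for this page, not part of the slides or of the K‐State VPN client; the prefixes, interface names and both route tables are hypothetical. It applies longest‐prefix matching, as a host’s routing code does, to decide whether a destination is reached through the tunnel, and compares a split‐tunnel table with a full‐tunnel table that overrides the default route with the 0.0.0.0/1 and 128.0.0.0/1 pair.

```python
import ipaddress

VPN_INTERFACE = "tun0"

# Constructed route tables (hypothetical prefixes, not K-State's real ones).
# A split-tunnel client routes only campus destinations through the VPN
# interface; the default route still points at the local gateway, so
# ordinary Internet traffic leaves in the clear.
SPLIT_TUNNEL_ROUTES = [
    ("10.130.0.0/16", "tun0"),    # hypothetical campus network A, via VPN
    ("10.131.0.0/16", "tun0"),    # hypothetical campus network B, via VPN
    ("192.168.1.0/24", "eth0"),   # the hotel / home LAN itself
    ("0.0.0.0/0", "eth0"),        # default: rest of the Internet, unencrypted
]

# A full-tunnel client adds two /1 routes via the tunnel, which are more
# specific than the /0 default and therefore win for every destination
# except the local LAN's own /24.
FULL_TUNNEL_ROUTES = [
    ("0.0.0.0/1", "tun0"),
    ("128.0.0.0/1", "tun0"),
    ("192.168.1.0/24", "eth0"),
    ("0.0.0.0/0", "eth0"),
]


def next_hop(destination, routes):
    """Longest-prefix match: the interface the host would use for `destination`."""
    dst = ipaddress.ip_address(destination)
    best_net, best_iface = None, None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_iface = net, iface
    return best_iface


def goes_through_vpn(destination, routes):
    """True if traffic to `destination` is carried (and so encrypted) by the tunnel."""
    return next_hop(destination, routes) == VPN_INTERFACE


def audit(destinations, routes):
    """Map each destination to whether the VPN protects traffic to it."""
    return {d: goes_through_vpn(d, routes) for d in destinations}


if __name__ == "__main__":
    targets = ["10.130.5.7", "10.131.200.1", "8.8.8.8", "192.168.1.20"]
    print("split tunnel:", audit(targets, SPLIT_TUNNEL_ROUTES))
    print("full tunnel: ", audit(targets, FULL_TUNNEL_ROUTES))
```

On a real machine the same check is `route print` (Windows), `netstat -rn` (Mac) or `ip route` (Linux) while the client is connected: if the default route still points at the local gateway, traffic to the open Internet is not going through the VPN.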
Where do you get it?
You’ll need to install the “VPN Client”
Information and software are available at:
http://www.k‐state.edu/infotech/networks/vpn/
(Screenshots: VPN client “Disconnected” and “Connected”)
IT Policy
Please don’t fall asleep during the next few slides…
PPM Section 3400
• K‐State Computing and IT Policies are
listed in the PPM as Section 3400
http://www.k‐state.edu/policies/ppm/1020.html
– We’ll go and read all 54 of them now…
– No we won’t.
IT Policy examples…
• 3420: Information Technology Usage
Authorized use of KSU‐owned or operated computing and network resources is consistent with the education, research, and service mission of the University
• 3430: Security for Information, Computing and Network Resources
Protection of the privacy of information, and against unauthorized modification of information, denial of service, or unauthorized access.
• 3434: IT Security Incident Reporting and Response
Reporting security incidents involving K‐State information and/or information technology resources
Please take time to read them all!
More IT information
Because everyone wants more…
Where to get more
• K‐State Alerts (eProfile, emergency contacts)
• Security‐Alerts listserv (auto‐subscribed)
• IT Tuesday
• Threats Blog
• General questions to "Security@k‐state.edu“
• Monthly Security Round Tables (open to all)
• October 5th all‐day training (Annualish)
• SecureIT.k‐state.edu
Best Practices
The best laid plans of men are useless without a good set of instructions…
…makes you wonder why men never read the instructions?
Top 5 Tips
• Secure your eID password
• Install K‐State's antivirus software
• Back up important files
• Be wary of e‐mail attachments
• Use a password on your screensaver
Questions?
What is the air speed velocity of an
unladen swallow?
www.style.org/unladenswallow